» Smartbar.Monetization.Proxy.ProxyRemover.exe
Overview
Analysis
File Details
Programs (1)

Smartbar.Monetization.Proxy.ProxyRemover.exe

ProxyRemover

Veristaff.com Inc

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's search in order to collect revenues. The SmartBar is a a potentially unwanted toolbar and Windows Gadget that is advertising supported (adware). The application Smartbar.Monetization.Proxy.ProxyRemover.exe by Veristaff.com Inc has been detected as adware by 3 anti-malware scanners. This file is typically installed with the program SafeFinder Smartbar by Linkury Ltd. which is a potentially unwanted software program.

File name:

Publisher:

Veristaff.com Inc (signed and verified)

Product:

ProxyRemover

Version:

1.0.0.0

MD5:

b04286f41f58506f4658a16d745a3250

SHA-1:

84eea5b95b2e0e1fc9a36ac25ebb2358237a262b

SHA-256:

bbcefffd76e472f7f4a11296312209929629415e7d7a17a41c38dbb9d879b072

Scanner detections:

3 / 68

Status:

Adware

Analysis date:

4/24/2024 9:48:17 PM UTC (today)

Scan engine

Detection

Engine version

AVG

Veristaff

2015.0.3400

IKARUS anti.virus

AdWare.Linkury

t3scan.1.6.1.0

Reason Heuristics

PUP.Veristaff.f

14.7.28.9

File size:

21.8 KB (22,312 bytes)

Product version:

1.0.0.0

Original file name:

Smartbar.Monetization.Proxy.ProxyRemover.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\lpt\smartbar.monetization.proxy.proxyremover.exe

Digital Signature

Signed by:

Veristaff.com Inc

Authority:

DigiCert Inc

Valid from:

7/8/2014 8:00:00 PM

Valid to:

7/14/2015 8:00:00 AM

Subject:

CN=Veristaff.com Inc, O=Veristaff.com Inc, L=Wilmington, S=Delaware, C=US

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0B0EA10F13BB9EB2057BECB9A30F59D4

File PE Metadata

Compilation timestamp:

7/21/2014 7:54:18 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

384:dFnK6OI6YTI4HqZqtdkMSYD6nYPLx8I1M0Ur:DRnI4gadklYD648mM0Ur

Entry address:

0x5232

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.2670

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

13 KB (13,312 bytes)

The file Smartbar.Monetization.Proxy.ProxyRemover.exe has been discovered within the following program.

SafeFinder Smartbar by Linkury Ltd.

SafeFinder displays advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of search-related ads, banner and video ads, and text-links (roll-overs) as well as some popup ads.

www.linkury.com/faq/s/faq.aspx?company=SafeFinder

67% remove it

Remove Smartbar.Monetization.Proxy.ProxyRemover.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.